svakom 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
Historical issues mainly involve vendor risk csrf and vendor risk command injection and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-11919 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection. | [email protected] | 8.0 | 0.06% | 2024-11-07 | 2025-11-04 |
| CVE-2020-11918 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. | [email protected] | 5.4 | 0.03% | 2024-11-07 | 2025-11-04 |
| CVE-2020-11917 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.) | [email protected] | 4.3 | 0.05% | 2024-11-07 | 2025-11-04 |
| CVE-2020-11916 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. | [email protected] | 6.3 | 0.02% | 2024-11-07 | 2025-11-04 |
| CVE-2020-11920 | An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root). | [email protected] | 9.8 | 4.41% | 2021-02-08 | 2024-11-21 |
| CVE-2020-11915 | An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order | [email protected] | 6.8 | 0.29% | 2021-02-08 | 2024-11-21 |